Those are interesting preferences and perspectives. I will set up a site to counter them from my perspective and experiences.
To summarize, you are a dissident. I am a news reporter. You are giving me information about your government. Your life and the lives of your family members now depend 100% on the security of the Tor Proxy transport. Tor is a proxy transport and nothing more.
As a dissident, you have been trained by me to install addons that validate the signature of my HTTPS certs will not change. I also showed you how to do this using openssl s_client. When Tor is popped and routing you to your government hosts, you will see the SSL signature change. Per my instructions, you will cease all communication with me.
Without HTTPS, you are relying entirely on the transport for assurance of who you are talking to. This is neither appropriate nor acceptable for this type of communication.
PGP is not a mitigating control, because the handshake has completed and you are now downloading your state sponsored rootkit. It's too late by that point. The only thing we have to validate ID and allow or block application traffic is a certificate.
Exactly, they have to pop my machine too. They can't just take control of the traffic in the middle, which absolutely can be done in Tor with enough gov controlled guard nodes, as the arms race of patching has proven.
I can set up multiple canaries that they will have to pop and the fingerprint of one of those canaries is going to change or drop off the net.
> They can't just take control of the traffic in the middle, which absolutely can be done in Tor with enough gov controlled guard nodes, as the arms race of patching has proven.
I think you're misunderstanding something here, with onion services traffic is e2e encrypted and self-authenticated, as Matt explains:
> When you connect to an onion service, how do you know no one is MitM'ing you? Easy. It's impossible. The bad guy would have to be in your browser (more accurately: between the browser part of Tor Browser and the Tor process it runs in the background) or between the Tor process the onion service operator is running and the webserver it's pointing at. If you assume your Tor Browser hasn't been compromised, and you assume the onion service is being run intelligently, then a MitM attack is impossible. (And if the onion service isn't being run intelligently, can you really trust its operator to do HTTPS intelligently?)
>
> https://matt.traudt.xyz/posts/dont-https-your-o44SnkW2.html
I think where we are having a disconnect is that what Matt posted works when Tor is working as expected. Software has bugs. Tor has not been an exception to this. I watch their change logs for alpha and there are often bugs that affect this overall concept. They are patched quickly, but Tor nodes are not forced to update, nor is there a safe way for them to do so.
My point is that is a single point of success. Any other web service I would cut some slack. In the case of Tor, it is marketed as a means by which dissidents may communicate safely. Putting peoples lives on a single point of success is not appropriate, especially when there are technical means to mitigate the risk.